Senior Network Security Engineer

Job Summary:

We are seeking a highly skilled Senior Network Security Engineer with deep expertise in Network Security

technologies. This is a technical, hands-on role within the Network Security Engineering & Deployment team. The

ideal candidate will possess Level 3/Subject Matter Expert (SME)-level knowledge and practical experience in

managing, designing, and troubleshooting Network Security products such as Firewalls, Intrusion Detection &

Prevention Systems (IDPS), Web Application Firewalls (WAF), Micro-segmentation, Web Proxies, and DNS.

Roles & Responsibilities

Part of a team that is responsible for the Network Security Engineering & Deployment function and will play a key role

in Datacenter Migration projects.

Network Transformation Architecture:

• Lead the design, engineering, and execution of next-generation network transformation solutions.

• Collaborate with internal teams, including cloud, security, and application stakeholders, to align network

infrastructure with business needs.

• Provide technical leadership in building resilient, scalable, and secure hybrid and multicloud network

environments.

Design, Deployment, and Operations:

• Architect and deploy advanced Network Security across datacenters (DC1 & DC2).

• Integrate network security products with Cisco ACI environments to deliver seamless and secure connectivity

with optimal performance.

• Act as an escalation point for the Operations team on network security issues, providing Level 3

troubleshooting and SME-level support.

• Collaborate with vendors, TAC, and internal teams to resolve complex network & Security incidents and

escalations.

Policy Management and Automation:

• Develop and enforce policy-driven network security architectures.

• Leverage automation tools (e.g., Ansible, Python, XSOR) to enhance operational efficiency and minimize

manual interventions.

• Ensure compliance with industry standards and internal governance policies while aligning network security

configurations with best practices.

Documentation and Governance:

• Maintain accurate network security diagrams, operational runbooks, and technical documentation.

• Ensure all security implementations adhere to governance frameworks and meet regulatory compliance

requirements.

Mentorship and Knowledge Sharing:

• Provide Level3/SME-level support and guidance to peers and stakeholders within the organization.

• Lead knowledge transfer sessions on network security technologies and best practices.

Preferred qualifications :

Education:

• Bachelor’s or Master’s degree in Computer Science, Information Technology, or related field.

• Certifications : CISSP,CCSA ,CCSE,PCNSE,ICE,BIG-IP ASM Specialist or equivalent will be preferred.

Technical Expertise:

10 to 15 years of experience in Network Security technologies like Firewalls, Intrusion Detection &

Prevention Systems (IDPS), Web Application Firewalls (WAF), Micro-segmentation, Web Proxies, and DNS

Firewall Technologies:

▪ Next-Generation Firewalls (NGFWs): Understanding of advanced features like Application Awareness,

Intrusion Prevention, and Deep Packet Inspection.

▪ Checkpoint Firewall Architecture: Expertise in Threat Prevention, VPNs, and High Availability (HA)

configuration.

▪ Palo Alto Networks NGFWs: Knowledge of App-ID, WildFire, and User-ID for enhanced security.

▪ Firewall Rule Optimization: Experience in defining and fine-tuning access control policies and inspecting

network traffic for threats.

▪ Expertise in implementing DNS Security solutions to prevent attacks such as DNS Spoofing, Cache Poisoning,

and DDoS attacks targeting DNS infrastructure.

Intrusion Detection and Prevention Systems (IDPS):

▪ Signature-Based IDS/IPS: Expertise in configuring and managing signature-based detection.

▪ Anomaly-Based IDS/IPS: Deep knowledge of Behavioral Analysis for detecting suspicious patterns and zero

day attacks.

▪ Integrated Security Operations: Integration of IDPS with SIEM systems for centralized log management and

threat detection.

Web Application Security:

▪ Web Application Firewall (WAF): Expertise in configuring and managing F5 ASM or equivalent WAF solutions

for protecting applications from vulnerabilities.

▪ Bot Protection and DDoS Mitigation: Knowledge of Bot Management and DDoS Defense strategies for

protecting web applications.

Microsegmentation and Zero Trust Security:

▪ Microsegmentation: Proficiency in tools like Illumio or Guardicore for isolating and securing workloads within

the data center and cloud environments.

▪ Zero Trust Architecture (ZTA): Expertise in defining and enforcing access policies based on identity and device

posture, and validating every user and device before granting access.

Network Access Control (NAC):

Aruba ClearPass: Expertise in configuring role-based access control and integrating ClearPass with other network

security solutions.

Cisco Identity Services Engine (ISE): Knowledge of 802.1X, MAB (MAC Authentication Bypass), and Guest Access in NAC

environments.

DNS & IP Address Management (IPAM):

Infoblox DDI (DNS, DHCP, IPAM): Experience in configuring and managing Infoblox for network address allocation, DNS

resolution, and advanced DNS security.

DNS Security: Expertise in securing DNS infrastructure through DNSSEC, DNS filtering, and DNS over HTTPS (DoH).

Traffic Visibility & Monitoring:

Network Traffic Analysis:

Proficiency in using tools like Wireshark, Riverbed App Response , Cisco Thousand Eyes ,NetFlow, and sFlow for traffic

analysis and anomaly detection.

Security Information and Event Management (SIEM):

Expertise in integrating network devices with Splunk, Elastic or Equivalent for threat visibility and incident response.

Routing Protocols & VPNs:

BGP (Border Gateway Protocol): In-depth understanding of BGP routing policies, route filtering, and peering in large

scale network environments.

OSPF (Open Shortest Path First): Expertise in dynamic routing configuration, including OSPF multi-area and OSPFv3 for

IPv6 support.

Site-to-Site and Remote Access VPNs: Knowledge of configuring IPSec VPNs and SSL VPNs for secure communications

across branches and remote users.